[1] ZHONG Xiu-yu. Design of Network Forensics Based on Apriori Algorithm [J]. Computer Technology and Development, 2011, (05): 158-162.

Design of Network Forensics Based on Apriori Algorithm

Computer Technology and Development [ISSN:1006-6977/CN:61-1281/TN]

Volume:
Issue:
2011, No. 05
Pages:
158-162
Column:
Intelligence, Algorithms, Systems Engineering
Publication date:
1900-01-01

Article Info

Title:
Design of Network Forensics Based on Apriori Algorithm
Article ID:
1673-629X(2011)05-0158-05
Author(s):
ZHONG Xiu-yu
School of Computer, Jiaying University
Keywords:
Apriori algorithm; network forensics; data collection; data analysis; pattern match
Classification number:
TP309.08
Document code:
A
Abstract:
Because traditional computer forensics collects evidence after the event, the legal efficiency of the evidence is low. Network forensics turns passive investigation after an intrusion into active defense before the event. A network forensics system based on the Apriori algorithm mines the associations among crime events to build a crime characteristic database. After capturing and filtering network data packets, the system performs protocol analysis on the raw data, mines the association information between data packets, and extracts association rule records; it then judges whether the current user behavior is illegal according to the result of matching the current user behavior records against the crime characteristic rules. To guarantee the originality, integrity and legal efficiency of the evidence, the system encrypts the raw data in transit and uses an SSL-based encryption and authentication security design to prevent the evidence from being leaked or forged. Simulation results show that applying the Apriori algorithm increases the efficiency of illegal intrusion detection and can identify new crimes, and that the system reconstructs the criminal process completely.


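Memo:
Guangdong Provincial Natural Science Foundation project (9151009001000043); Guangdong Provincial Science and Technology Plan project (20098060700002). ZHONG Xiu-yu (1972-), female, master's degree, associate professor, CCF member; research interests: network security and database applications.
Last Update: 1900-01-01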